Vulnerability Description
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Fusion | >= 13.0.0, < 13.5 |
| Apple | Mac Os X | - |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2023-0022.htmlVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2023-0022.htmlVendor Advisory
FAQ
What is CVE-2023-34045?
CVE-2023-34045 is a vulnerability with a CVSS score of 6.6 (MEDIUM). VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder f...
How severe is CVE-2023-34045?
CVE-2023-34045 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-34045?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Fusion, Apple Mac Os X.